Removal of BinaryFormatter in .NET 8.0

### Description

Due to [security issues](https://aka.ms/binaryformatter), `BinaryFormatter` [will be removed in .NET 8.0](https://github.com/dotnet/designs/blob/main/accepted/2020/better-obsoletion/binaryformatter-obsoletion.md#net-8-nov-2023) and its `Serialize` and `Deserialize` methods are currently obsolete in .NET 5.0.

There is currently a single use of `BinaryFormatter`'s `Serialize` and `Deserialize` methods:
https://github.com/fluentassertions/fluentassertions/blob/834a2db00a60e2626655a28a129c084831b85880/Src/FluentAssertions/ObjectAssertionsExtensions.cs#L142-L153

Although it's a long way off until `BinaryFormatter` is removed, I figured it'd be a good idea to bring some attention to it. I stumbled upon this while working on #1754.

	private static object CreateCloneUsingBinarySerializer(object subject)
	{
	using var stream = new MemoryStream();
	var binaryFormatter = new BinaryFormatter
	{
	Binder = new SimpleBinder(subject.GetType())
	};

	binaryFormatter.Serialize(stream, subject);
	stream.Position = 0;
	return binaryFormatter.Deserialize(stream);
	}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Removal of BinaryFormatter in .NET 8.0 #1779

Description

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Removal of BinaryFormatter in .NET 8.0 #1779

Description

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions